diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index dccab6de..0c0fb102 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -2034,6 +2034,14 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, /* Compute the number of tiles */ l_cp->tw = opj_int_ceildiv(l_image->x1 - l_cp->tx0, l_cp->tdx); l_cp->th = opj_int_ceildiv(l_image->y1 - l_cp->ty0, l_cp->tdy); + + /* Check that the number of tiles is valid */ + if (l_cp->tw == 0 || l_cp->th == 0 || l_cp->tw > 65535 / l_cp->th) { + opj_event_msg( p_manager, EVT_ERROR, + "Invalid number of tiles : %u x %u (maximum fixed by jpeg2000 norm is 65535 tiles)\n", + l_cp->tw, l_cp->th); + return OPJ_FALSE; + } l_nb_tiles = l_cp->tw * l_cp->th; /* Define the tiles which will be decoded */ diff --git a/tests/nonregression/test_suite.ctest.in b/tests/nonregression/test_suite.ctest.in index 3f2067f6..2396a474 100644 --- a/tests/nonregression/test_suite.ctest.in +++ b/tests/nonregression/test_suite.ctest.in @@ -78,8 +78,8 @@ opj_decompress -i @INPUT_NR_PATH@/mem-b2b86b74-2753.jp2 -o @TEMP_PATH@/mem-b2b8 !opj_decompress -i @INPUT_NR_PATH@/gdal_fuzzer_unchecked_numresolutions.jp2 -o @TEMP_PATH@/gdal_fuzzer_unchecked_numresolutions.pgx # issue 192 raised by the gdal fuzzer test (should nicely failed) ! opj_decompress -i @INPUT_NR_PATH@/gdal_fuzzer_assert_in_opj_j2k_read_SQcd_SQcc.patch.jp2 -o @TEMP_PATH@/gdal_fuzzer_assert_in_opj_j2k_read_SQcd_SQcc.patch.pgx -# issue 193 raised by the gdal fuzzer test (should properly failed) -opj_decompress -i @INPUT_NR_PATH@/gdal_fuzzer_check_number_of_tiles.jp2 -o @TEMP_PATH@/gdal_fuzzer_check_number_of_tiles.pgx +# issue 193 raised by the gdal fuzzer test (should nicely failed) +!opj_decompress -i @INPUT_NR_PATH@/gdal_fuzzer_check_number_of_tiles.jp2 -o @TEMP_PATH@/gdal_fuzzer_check_number_of_tiles.pgx # issue 194 raised by the gdal fuzzer test (should properly failed) opj_decompress -i @INPUT_NR_PATH@/gdal_fuzzer_check_comp_dx_dy.jp2 -o @TEMP_PATH@/gdal_fuzzer_check_comp_dx_dy.pgx